You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
{{ message }}
This repository has been archived by the owner on Apr 14, 2021. It is now read-only.
git:// URLs allow a network "man-in-the-middle" attacker to easily substitute malicious code and compromise the user's machine. We should note this issue in the documentation and stop recommending this pattern. It seems irresponsible to provide examples which can get users compromised, while not even mentioning the problem or secure alternatives.
(In the future, warnings for insecure URLs would be great, too)
The text was updated successfully, but these errors were encountered:
I agree, @peter-mtso. HTTPS should be the default because git over SSH requires that you have a private key known to the Git daemon available on the machine you're cloning (or subsequently bundling) from.
Would you mind submitting a pull request to fix this?
git://
URLs allow a network "man-in-the-middle" attacker to easily substitute malicious code and compromise the user's machine. We should note this issue in the documentation and stop recommending this pattern. It seems irresponsible to provide examples which can get users compromised, while not even mentioning the problem or secure alternatives.(In the future, warnings for insecure URLs would be great, too)
The text was updated successfully, but these errors were encountered: